| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20190415212129.1112-7-jeremy.linton@arm.com>
Date: Mon, 15 Apr 2019 16:21:25 -0500
From: Jeremy Linton <jeremy.linton@....com>
To: linux-arm-kernel@...ts.infradead.org
Cc: catalin.marinas@....com, will.deacon@....com, marc.zyngier@....com,
suzuki.poulose@....com, Dave.Martin@....com,
shankerd@...eaurora.org, julien.thierry@....com,
mlangsdo@...hat.com, stefan.wahren@...e.com,
Andre.Przywara@....com, linux-kernel@...r.kernel.org,
Jeremy Linton <jeremy.linton@....com>,
Andre Przywara <andre.przywara@....com>
Subject: [v8 06/10] arm64: Always enable spectrev2 vulnerability detection
The sysfs patches need to display machine vulnerability
status regardless of kernel config. Prepare for that
by breaking out the vulnerability/mitigation detection
code from the logic which implements the mitigation.
Signed-off-by: Jeremy Linton <jeremy.linton@....com>
Reviewed-by: Andre Przywara <andre.przywara@....com>
Reviewed-by: Catalin Marinas <catalin.marinas@....com>
Tested-by: Stefan Wahren <stefan.wahren@...e.com>
---
arch/arm64/kernel/cpu_errata.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c
index 60cf87c4deb7..bd2cdd22da99 100644
--- a/arch/arm64/kernel/cpu_errata.c
+++ b/arch/arm64/kernel/cpu_errata.c
@@ -109,7 +109,6 @@ cpu_enable_trap_ctr_access(const struct arm64_cpu_capabilities *__unused)
atomic_t arm64_el2_vector_last_slot = ATOMIC_INIT(-1);
-#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR
#include <asm/mmu_context.h>
#include <asm/cacheflush.h>
@@ -270,11 +269,11 @@ static int detect_harden_bp_fw(void)
((midr & MIDR_CPU_MODEL_MASK) == MIDR_QCOM_FALKOR_V1))
cb = qcom_link_stack_sanitization;
- install_bp_hardening_cb(cb, smccc_start, smccc_end);
+ if (IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR))
+ install_bp_hardening_cb(cb, smccc_start, smccc_end);
return 1;
}
-#endif /* CONFIG_HARDEN_BRANCH_PREDICTOR */
#ifdef CONFIG_ARM64_SSBD
DEFINE_PER_CPU_READ_MOSTLY(u64, arm64_ssbd_callback_required);
@@ -513,7 +512,6 @@ cpu_enable_cache_maint_trap(const struct arm64_cpu_capabilities *__unused)
.type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, \
CAP_MIDR_RANGE_LIST(midr_list)
-#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR
/*
* List of CPUs that do not need any Spectre-v2 mitigation at all.
*/
@@ -545,6 +543,11 @@ check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope)
if (!need_wa)
return false;
+ if (!IS_ENABLED(CONFIG_HARDEN_BRANCH_PREDICTOR)) {
+ pr_warn_once("spectrev2 mitigation disabled by configuration\n");
+ return false;
+ }
+
/* forced off */
if (__nospectre_v2) {
pr_info_once("spectrev2 mitigation disabled by command line option\n");
@@ -556,7 +559,6 @@ check_branch_predictor(const struct arm64_cpu_capabilities *entry, int scope)
return (need_wa > 0);
}
-#endif
#ifdef CONFIG_HARDEN_EL2_VECTORS
@@ -731,13 +733,11 @@ const struct arm64_cpu_capabilities arm64_errata[] = {
ERRATA_MIDR_ALL_VERSIONS(MIDR_CORTEX_A73),
},
#endif
-#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR
{
.capability = ARM64_HARDEN_BRANCH_PREDICTOR,
.type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM,
.matches = check_branch_predictor,
},
-#endif
#ifdef CONFIG_HARDEN_EL2_VECTORS
{
.desc = "EL2 vector hardening",
--
2.20.1
Powered by blists - more mailing lists